Synopsis

Description

The
malloc()
function allocates
size
bytes and returns a pointer to the allocated memory.
The memory is not initialized.
If
size
is 0, then
malloc()
returns either NULL,
or a unique pointer value that can later be successfully passed to
free().

The
free()
function frees the memory space pointed to by
ptr,
which must have been returned by a previous call to
malloc(),
calloc(),
or
realloc().
Otherwise, or if
free(ptr)
has already been called before, undefined behavior occurs.
If
ptr
is NULL, no operation is performed.

The
calloc()
function allocates memory for an array of
nmemb
elements of
size
bytes each and returns a pointer to the allocated memory.
The memory is set to zero.
If
nmemb
or
size
is 0, then
calloc()
returns either NULL,
or a unique pointer value that can later be successfully passed to
free().

The
realloc()
function changes the size of the memory block pointed to by
ptr
to
size
bytes.
The contents will be unchanged in the range from the start of the region
up to the minimum of the old and new sizes.
If the new size is larger than the old size, the added memory will
not
be initialized.
If
ptr
is NULL, then the call is equivalent to
malloc(size),
for all values of
size;
if
size
is equal to zero,
and
ptr
is not NULL, then the call is equivalent to
free(ptr).
Unless
ptr
is NULL, it must have been returned by an earlier call to
malloc(),
calloc()
or
realloc().
If the area pointed to was moved, a
free(ptr)
is done.

Return Value

The
malloc()
and
calloc()
functions return a pointer to the allocated memory,
which is suitably aligned for any built-in type.
On error, these functions return NULL.
NULL may also be returned by a successful call to
malloc()
with a
size
of zero,
or by a successful call to
calloc()
with
nmemb
or
size
equal to zero.

The
free()
function returns no value.

The
realloc()
function returns a pointer to the newly allocated memory, which is suitably
aligned for any built-in type and may be different from
ptr,
or NULL if the request fails.
If
size
was equal to 0, either NULL or a pointer suitable to be passed to
free()
is returned.
If
realloc()
fails, the original block is left untouched; it is not freed or moved.

Conforming To

C89, C99.

Notes

By default, Linux follows an optimistic memory allocation strategy.
This means that when
malloc()
returns non-NULL there is no guarantee that the memory really
is available.
In case it turns out that the system is out of memory,
one or more processes will be killed by the OOM killer.
For more information, see the description of
/proc/sys/vm/overcommit_memory
and
/proc/sys/vm/oom_adj
in
proc(5),
and the Linux kernel source file
Documentation/vm/overcommit-accounting.

Normally,
malloc()
allocates memory from the heap, and adjusts the size of the heap
as required, using
sbrk(2).
When allocating blocks of memory larger than
MMAP_THRESHOLD
bytes, the glibc
malloc()
implementation allocates the memory as a private anonymous mapping using
mmap(2).
MMAP_THRESHOLD
is 128 kB by default, but is adjustable using
mallopt(3).
Allocations performed using
mmap(2)
are unaffected by the
RLIMIT_DATA
resource limit (see
getrlimit(2)).

To avoid corruption in multithreaded applications,
mutexes are used internally to protect the memory-management
data structures employed by these functions.
In a multithreaded application in which threads simultaneously
allocate and free memory,
there could be contention for these mutexes.
To scalably handle memory allocation in multithreaded applications,
glibc creates additional
memory allocation arenas
if mutex contention is detected.
Each arena is a large region of memory that is internally allocated
by the system
(using
brk(2)
or
mmap(2)),
and managed with its own mutexes.

The UNIX 98 standard requires
malloc(),
calloc(),
and
realloc()
to set
errno
to
ENOMEM
upon failure.
Glibc assumes that this is done
(and the glibc versions of these routines do this); if you
use a private malloc implementation that does not set
errno,
then certain library routines may fail without having
a reason in
errno.

Crashes in
malloc(),
calloc(),
realloc(),
or
free()
are almost always related to heap corruption, such as overflowing
an allocated chunk or freeing the same pointer twice.

The
malloc()
implementation is tunable via environment variables; see
mallopt(3)
for details.

See Also

Colophon

This page is part of release 3.80 of the Linux
man-pages
project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
http://www.kernel.org/doc/man-pages/.

License & Copyright

Copyright (c) 1993 by Thomas Koenig (ig25@rz.uni-karlsruhe.de)
%%%LICENSE_START(VERBATIM)
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
preserved on all copies.
Permission is granted to copy and distribute modified versions of this
manual under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.
Since the Linux kernel and libraries are constantly changing, this
manual page may be incorrect or out-of-date. The author(s) assume no
responsibility for errors or omissions, or for damages resulting from
the use of the information contained herein. The author(s) may not
have taken the same level of care in the production of this manual,
which is licensed free of charge, as they might when working
professionally.
Formatted or processed versions of this manual, if unaccompanied by
the source, must acknowledge the copyright and authors of this work.
%%%LICENSE_END
Modified Sat Jul 24 19:00:59 1993 by Rik Faith (faith@cs.unc.edu)
Clarification concerning realloc, iwj10@cus.cam.ac.uk (Ian Jackson), 950701
Documented MALLOC_CHECK_, Wolfram Gloger (wmglo@dent.med.uni-muenchen.de)
2007-09-15 mtk: added notes on malloc()'s use of sbrk() and mmap().
FIXME . Review http://austingroupbugs.net/view.php?id=374
to see what changes are required on this page.